mirror of
https://github.com/rkd77/elinks.git
synced 2024-12-04 14:46:47 -05:00
[integrity] store integrity value in url . Refs #284
For ecmascript it is '^integrity\0url'. Weak points: Bad script is not executed, but is stored in cache, so next requests will take it from cache, not from network. Checksum is calculated everytime script is loaded (it can be many times per second). Scripting pre_format_hook can modify the body of script and cause a wrong checksum. Error message is written to stderr.
This commit is contained in:
Witold Filipczyk
parent
403bc5c6ce
commit
da93f8f374
@ -322,6 +322,7 @@ not_processed:
|
||||
|
||||
char *import_url;
|
||||
struct uri *uri;
|
||||
struct string tmp;
|
||||
|
||||
if (!get_opt_bool("ecmascript.enable", NULL)) {
|
||||
mem_free(src);
|
||||
@ -336,16 +337,26 @@ not_processed:
|
||||
uri = get_uri(import_url, URI_BASE);
|
||||
if (!uri) goto imported;
|
||||
|
||||
char *integrity = get_attr_val(a, "integrity", html_context->doc_cp);
|
||||
/* Request the imported script as part of the document ... */
|
||||
html_context->special_f(html_context, SP_SCRIPT, uri, integrity);
|
||||
mem_free_if(integrity);
|
||||
html_context->special_f(html_context, SP_SCRIPT, uri);
|
||||
done_uri(uri);
|
||||
|
||||
if (init_string(&tmp)) {
|
||||
char *integrity = get_attr_val(a, "integrity", html_context->doc_cp);
|
||||
|
||||
add_char_to_string(&tmp, '^');
|
||||
|
||||
if (integrity) {
|
||||
add_to_string(&tmp, integrity);
|
||||
mem_free(integrity);
|
||||
}
|
||||
add_char_to_string(&tmp, '\0');
|
||||
add_to_string(&tmp, import_url);
|
||||
/* Create URL reference onload snippet. */
|
||||
insert_in_string(&import_url, 0, "^", 1);
|
||||
add_to_ecmascript_string_list(&html_context->part->document->onload_snippets,
|
||||
import_url, -1, html_top->name - html_context->part->document->text.source);
|
||||
tmp.source, tmp.length, html_top->name - html_context->part->document->text.source);
|
||||
done_string(&tmp);
|
||||
}
|
||||
|
||||
imported:
|
||||
/* Retreat. Do not permit nested scripts, tho'. */
|
||||
|
||||
@ -40,11 +40,6 @@
|
||||
#include "document/options.h"
|
||||
#include "document/refresh.h"
|
||||
#include "document/renderer.h"
|
||||
|
||||
#ifdef CONFIG_ECMASCRIPT_SMJS
|
||||
#include "ecmascript/ecmascript-c.h"
|
||||
#endif
|
||||
|
||||
#include "intl/charsets.h"
|
||||
#include "osdep/types.h"
|
||||
#include "protocol/uri.h"
|
||||
@ -2397,13 +2392,8 @@ html_special(struct html_context *html_context, html_special_type_T c, ...)
|
||||
#ifdef CONFIG_ECMASCRIPT
|
||||
if (document) {
|
||||
struct uri *uri = va_arg(l, struct uri *);
|
||||
char *integrity = va_arg(l, char *);
|
||||
|
||||
add_to_uri_list(&document->ecmascript_imports, uri);
|
||||
|
||||
if (uri && integrity) {
|
||||
save_integrity_in_map(uri, integrity);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
break;
|
||||
|
||||
@ -39,35 +39,9 @@
|
||||
#include "viewer/text/form.h"
|
||||
#include "viewer/text/view.h"
|
||||
|
||||
#ifdef CONFIG_ECMASCRIPT_SMJS
|
||||
#include <map>
|
||||
std::map<struct uri *, char *> map_integrity;
|
||||
#endif
|
||||
|
||||
extern int interpreter_count;
|
||||
extern int ecmascript_enabled;
|
||||
|
||||
void
|
||||
save_integrity_in_map(struct uri *uri, char *integrity)
|
||||
{
|
||||
#ifdef CONFIG_ECMASCRIPT_SMJS
|
||||
map_integrity[uri] = null_or_stracpy(integrity);
|
||||
#endif
|
||||
}
|
||||
|
||||
char *
|
||||
get_integrity_from_map(struct uri *uri)
|
||||
{
|
||||
#ifdef CONFIG_ECMASCRIPT_SMJS
|
||||
auto e = map_integrity.find(uri);
|
||||
|
||||
if (e != map_integrity.end()) {
|
||||
return e->second;
|
||||
}
|
||||
#endif
|
||||
return NULL;
|
||||
}
|
||||
|
||||
int
|
||||
ecmascript_get_interpreter_count(void)
|
||||
{
|
||||
@ -203,9 +177,11 @@ process_snippets(struct ecmascript_interpreter *interpreter,
|
||||
(*current) = (*current)->next) {
|
||||
struct string *string = &(*current)->string;
|
||||
char *uristring;
|
||||
char *null_char;
|
||||
struct uri *uri;
|
||||
struct cache_entry *cached;
|
||||
struct fragment *fragment;
|
||||
size_t len;
|
||||
|
||||
if (string->length == 0)
|
||||
continue;
|
||||
@ -217,7 +193,14 @@ process_snippets(struct ecmascript_interpreter *interpreter,
|
||||
}
|
||||
|
||||
/* Eval external <script src="reference"></script> snippet */
|
||||
uristring = string->source + 1;
|
||||
null_char = strchr(string->source + 1, '\0');
|
||||
|
||||
if (!null_char) {
|
||||
continue;
|
||||
}
|
||||
len = null_char - string->source - 1;
|
||||
|
||||
uristring = null_char + 1;
|
||||
if (!*uristring) continue;
|
||||
|
||||
uri = get_uri(uristring, URI_BASE);
|
||||
@ -225,18 +208,17 @@ process_snippets(struct ecmascript_interpreter *interpreter,
|
||||
|
||||
cached = get_redirected_cache_entry(uri);
|
||||
|
||||
#ifdef CONFIG_ECMASCRIPT_SMJS
|
||||
if (cached) {
|
||||
char *integrity = get_integrity_from_map(uri);
|
||||
char *integrity = len > 0 ? memacpy(string->source + 1, len) : NULL;
|
||||
|
||||
if (integrity) {
|
||||
if (!validate_cache_integrity(cached, integrity)) {
|
||||
cached = NULL;
|
||||
fprintf(stderr, "Integrity failed for %s\n", struri(uri));
|
||||
}
|
||||
mem_free(integrity);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
done_uri(uri);
|
||||
|
||||
if (!cached) {
|
||||
|
||||
Loading…
Reference in New Issue
Block a user